34C3 - Bringing Linux back to server boot ROMs with NERF and Heads
https://media.ccc.de/v/34c3-9056-bringing_linux_back_to_server_boot_roms_with_nerf_and_heads
The NERF and Heads projects bring Linux back to the cloud servers' boot ROMs by replacing nearly all of the vendor firmware with a reproducibly built Linux runtime that acts as a fast, flexible, and measured boot loader. It has been years since any modern servers have supported Free Firmware options like LinuxBIOS or coreboot, and as a result server and cloud security has been dependent on unreviewable, closed source, proprietary vendor firmware of questionable quality. With Heads on NERF, we are making it possible to take back control of our systems with Open Source Software from very early in the boot process, helping build a more trustworthy and secure cloud.
The NERF project was started by Ron Minnich (author of LinuxBIOS and lead of coreboot at Google) in January 2017 with the goal to bring Linux back to the BIOS by retaining a minimal set of PEI modules for memory controller initialization and replacing the entirety of the server vendor's UEFI DXE firmware with a reproducibly built Linux runtime. It has been ported to a few different manufacturers' servers, demonstrating the general portability of the concept.
NERF is fast - less than twenty second boot times, versus multiple minutes. It's flexible - it can make use of any devices, filesystems and protocols that Linux supports. And it's open - users can easily customize the boot scripts, fix issues, build their own runtimes and reflash their firmware with their own keys.
The Heads runtime was started by Trammell Hudson (author of Thunderstrike and Magic Lantern) and was presented last year at 33c3. It is a slightly more secure bootloader that uses Linux, the TPM, GPG and kexec to be able to load, measure, verify and execute the real kernel. As part of porting Heads to work with NERF on server platforms, it now includes tools like Keylime to allow servers to remotely attest to user-controlled systems that the NERF/Heads firmware matches what they expect, as well as network and iSCSI drivers for diskless compute node servers.
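The load-measure-verify flow described above, as an added Python example (this is not Heads' or Keylime's own code): it simulates TPM PCR extension over a set of constructed sample boot components, then replays the resulting event log the way a remote verifier would, accepting the system only when the reported PCR matches a known-good value. Component names and contents are constructed placeholders; real firmware would measure the actual runtime, kernel and initrd bytes.

```python
import hashlib

# Constructed sample boot components standing in for the NERF/Heads stages.
# In a real system these would be the firmware volume, kernel and initrd bytes.
SAMPLE_COMPONENTS = [
    ("nerf-linux-runtime", b"constructed: NERF Linux runtime image"),
    ("heads-boot-script", b"constructed: Heads boot script"),
    ("kernel", b"constructed: real kernel image"),
    ("initrd", b"constructed: initrd image"),
]


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend operation: new_pcr = SHA-256(old_pcr || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_components(components):
    """Hash each component in boot order and extend a PCR (initially all zeros)
    with each digest. Returns the final PCR (hex) and the event log of
    (name, digest_hex) pairs that a verifier can later replay."""
    pcr = bytes(32)
    log = []
    for name, data in components:
        digest = hashlib.sha256(data).digest()
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr.hex(), log


def replay_log(log):
    """Recompute the PCR from the event log alone, as a remote verifier does."""
    pcr = bytes(32)
    for _name, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr.hex()


def attest(reported_pcr, log, golden_pcr):
    """Accept only if the log replays to the reported PCR (log is consistent)
    and that PCR equals the expected golden value (firmware is what we expect)."""
    return replay_log(log) == reported_pcr == golden_pcr


def tampered_components():
    """Same boot chain with a modified kernel image (constructed tampering)."""
    return [
        (name, b"constructed: modified kernel image" if name == "kernel" else data)
        for name, data in SAMPLE_COMPONENTS
    ]


if __name__ == "__main__":
    golden, _ = measure_components(SAMPLE_COMPONENTS)
    good_pcr, good_log = measure_components(SAMPLE_COMPONENTS)
    bad_pcr, bad_log = measure_components(tampered_components())
    print("known-good firmware attests:", attest(good_pcr, good_log, golden))
    print("modified kernel attests:   ", attest(bad_pcr, bad_log, golden))
```

Because extend is a chained hash, a change to any component, or a change in the order in which components are measured, yields a different final PCR, so the verifier detects tampering without needing the components themselves, only their expected digests.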
In this talk we'll provide an overview of the NERF project, the currently supported server mainboards, and the continued development on the Heads runtime that allows more trust in the servers that make up the cloud.
Trammell Hudson
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9056.html
Video: 34C3 - Bringing Linux back to server boot ROMs with NERF and Heads, from the media.ccc.de channel